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METHOD AND SYSTEM FOR ESTABLISHING SECURE DATA 
TRANSMISSION IN A DATA COMMUNICATIONS NETWORK 
NOTABLY USINC AN OPTICAL MEDIA KEY ENCRYPTED 
ENVIRONMENT (OMKEE) 

5 

The present invention relates generally to the secure transmission of data 
between a client and a remote network entity, such as a server, in a communications 
network, such as the Internet, an intranet, an extranet or wireless netwoik. 

Tt is "becoming increasingly desirable to transmit confidential information 

10 between parties vjh the Internet in an encrypted fashion in < ji der that the data remain 
unintelligible to illegal recipients or intermediate parties. The need for increased 
security is heightened by the ubiquitous nnluie of the Internet, and the wide variely 
web-based appl ication now provided by electronic commerce service providers. 

In some instances, the. confidential data is encrypted and decrypted by use of 

is a symmetric encryption key> In this case, an identical encryption key is used by 
both the sender uf the confidential data and the legitnxmte receiver to encrypt and 
decrypt a message transmitted between two parties. However, knowledge of the 
symmetric encryption key by both the sender, and receiver of the confidential da 1st 
adds to the risk of the key being acquired by an illegitimate lecipicnt 

20 Another method of providing secure data transmission between two parties is 

to use two separate keys, known as a key pair, in which a first public key of the key 
pair is used for encryption of a message from a legitime it: sender whilst a second 
private key of the key pair is used by the legitimate receiver for decrypliim of the 
message. This method is commonly known as asymmetric key cryptography. 

25 Typically, when a paity wishes to send secure information, such as a credit card or 
personal identification number, to another entity, the-person requests fliat the entity 
provide them with a digital certificate, which includes the entity's public key, and a 
number of preferred encryption algorithms. Information desired to be sent to the 
remote party is then encrypted with that public key and sent as cypheitext. The 

3n cyphertcxt can only be decrypted by using the private key of the receiving pm ty, 
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which is not made publicly available. 

Whilst such h system provides improved security over symmetric encryption 
techniques, the increased use of computers and computer networks in many 
organisations, and the distributed manner in which private/public key pairs are 
s stored in th«se organisations, increases the risk of an iraHnilmi ised person obtaining 
access to stored key pairs and ct msequcntly being able to illegally intercepf 
confidential information. 

There cum™ l.1y exists a need to provide a method of secure tr ansmission of 
data that ameliorates or overcomes one or more problems of known methods and 
iu sysiKms for providing secured cornmunications, 

It would also be desirable to provide a method of establishing secure data 
transmission in a communications network that minimises the risk of unauthorised 
interception of the data. 

There also exists a need to provide a method of establishing secure data 
15 transmission in a communications network, and a system for realising such a 
TrmUiod, that is convenient and simple for on« or both parties involved in the 
transmission of the confidential information. 

With this in mind, one aspect of the present invention provides a innthod of 
establishing secure data transmission in a communications network between a client 
20 and a remote network entity, the method comprising the steps of: 

a) encoding an optical media security token with encrypted information; 

mid 

b) using Iho encrypted information to establish said secure data 
transmission. 

25 In one embodiment, the encrypted information includes token and user 

identification information, step (b.) including: 

(c) verifying with the client iha aathentioity of the token identification 
mformation, 

(d) upon verification, transmitting the user identification information to the 
30 remote network entity, 
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(c) verifying that the remote network enlily the authenticity of the user 
identification informal.! on, and 

(f) verifying at the remuie: network entity the authorisation of the user to 
access one or more applications. 
5 In one embodiment of the invention, the optical media security token 

comprises optical media such as a CD-ROM, DVD or CD-MO. 

A secure data transmission method having (hese steps provides a multiphase 
process of authenticaiimi in an optical media key encryption environment 
(OMKHB) to ensure the integrity and confidentiality of the communication between 
io a user m id an application. 

Conveniently, step (a) may include generating a first digital certificate 
including the token identification information, and storing the first digital certificate 
on tbr. security token. In this case, step (c) may inuludc decrypting the first digital 
certificate, and compai iag the token identification information with reference token 
15 ' identification data. 

Step (a) may also include generating a st-.mmd digital certificate including the 
user identifier r inn, and storing the second, digital certificate nn ihe security token. 
In this case, step (c) may include decr ypting the second digital certificate by using 
lh« public key of a Certification Authority. Step (c) may men include comparing 
20 the user idenrifit:ai.itui information with a certificate revocation 1 ist maintained by 
the Certification Authority. 

Step (d) may include generating client da/.n for transmission to the remote 
network entity, attaching a user digital signature to the client data, and transmitting 
the client data and user digital signature to the remote network entity. The 
25 decrypted second digital certificate may be used in sinn (c) to decrypt the client data 
at the remote network entity. 

Step (f) may include sending » challenge value from the remote network 
nitity to the client, sending a response value from the client to the remote network 
entity, and comparing the challenge and response values at th« i emote network 
30 entity. A user password may br. maintained in a user profile database, Ihe response 
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value being generated at the client by using the user password, a user pi ivatc key 
and the challenge value. The challenge and response values may then be compared 
at the remote network entity by using the user password, u user public key and the 
challenge value. 

Tn one embodiment, step (c) may be repeated up to a predetermined number 
of times to verity user access authorisation. 

Another aspect of the invention provides a secure data transmission system 
comprising a client and a remote network entity interconnected by a 
communications network, the client being adapted to read an optical media security 
Lokcn bearing encrypted information. 

Tn one embodiment, the encrypted in Ah mation includes token and user 
identification information, the client including a first data processing unit and 
associated memory device for .storing code to cause the client to verify the 
authenticity of the token identification informy t ion, and, upon verification, transmit 
the user identirlr^Lion information to the remote network entity, and wherein the 
remote network entity includes a second data processing unii and associated second 
memory device for storing code to cause (he remote network entity to verify the 
authenticity of {he user identification information, and to verity the authorisation of 
the user to access one or more applications. 

The code may cause the client and/or remote network entity to perform any 
of the above desur ibed steps. 

Another aspect of the invention provides a remote network entity for use 
with the data transmission system as previously described, the remote network 
entity including a data processing unit and associated memory device for storing 
code to cause the remote network entity to verify the authenticity of the user 
identification information, and verify the authorisation of the user to access one or 
more applications. 

Yet another aspect of (he Invention provides a client for use with a secure 
data transmission system as described previously, the client including a data 
processing unit and associated memory device for storing code to cause the client to 
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veil fy the authenticity of the token idw itification intbnnation, and, upon 
verification, transmit the user identification information to the remote network 
entity, 

The following description refers in more detail to the various features of the 
invention, to facilitate an understanding of the invention* reference is made in the 
description to the accompanying drawings where the method ami system for 
establishing secure data transmission in a communications network is illustrated in 
a preferred embodiment It is to be understood, however, that the invention is not 
limited to the preferred enriindimcnt. 

In the drawings: 

Figure 1 is a schematic diagram illustraiing a secure data transmission 
system for implementing the method of the present invention; mid 

Figure 2 is a flow diagram illustrating one embodiment of a method of 
establishing secure data transmission using the system of Figure 1 . 

Turning now to Figure 1, there is shown generally a system 1 for establishing 
secure data transmission in a communu;ations network 2, in this case the Internet. It 
will be appreciated that in other embodiments of the invention, the secure data 
transmission may taku place in other types of communications uetworks s for 
example, mobile communications or satellite networks, 

The data transmission system 1 includes a climt 3 and remote network entity 
4, such as a merchant ski ver, connectable to the Internet 2. A optical media security 
mlcen 5, such a3 a CD-ROM, DVD, CD-MO or other optical storage media, is 
encoded with encrypted information that can be Tead by the client 3 by means of an 
optical media token reading device 6. The merchant server 4 provides access to one 
or more applications that require thfi authentication of the user's identity 7 and the 
secure transmission of the data between the client and the merchant server. A card 
data database 7 and user profile database 8 arc accessed by the merchant server 4 in 
order to facilitate the establishment of secure, data transmission firomtht; ulient to 
the merchant server 4. : 

A'CertifioHLicm Authority 9 then issues and manages authentication 
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information, such as digital ccrti ficatcs, is also connected to the Internet 2. A 
certificate revocation list database 10 is maintained "by the Certification Authority 9. 
Moreover, a database 1 1 of public keys issued to users is maintained. The client 9 
includes a data processing unit and associated memory device for storing code to 

s enable the client to perform the required tunc! U» ial ity of the secure data 

transmission system. Similarly, the merchant server 4 includes w data processing 
unit and associated memory tfcvice for storing code that enables coxnplernt:ntary 
functionality to be achieved by the merchant server 4. 

The security token 5 is encoded with encrypted token and user identification 

io information, embodied in this instance by two digital certificates 12 and 13 issued 
by 1.1 ie Certification Authority 9. The digital certificate 12. includes a public key 14 
and identification and other data 15 associated with the security token 5. The 
digital certificate 12 is encrypted with a digital signature 16 generated by the 
Certification Authority 9 from that Authority's private key. The private key 17 

15 corresponding to the public key 14 is also stored on the security token 5. 

The digital certificate 13 similarly includes a public key 18 and identification 
hi id other related data 19 associated with the user to whom the security token 5 is 
issued by the Cr.t Lification Authority 9, The digital certificate 1 3 is encrypted by a 
digital signature 20 from the Certification Authority 9. A private key 2 1 

in corresponding to the user public key 1 8 is iil.su stored on the security token 5. 

A digital certificate and public/private key pair 73, 24 is maintained by the 
Certification Authority 9, the digital certificate 22 and Certification Author ity's 
public key 23 being available to the client 3 and mcicliant server 4 via the Internet 
2. 

25 In use, the Certification Aulhuiity 9 stored the digital certificates 12 hth! 1 3 

ami private keys 17 and 21, respectively enabling identification of the security 
token 5 and user lo whom the token has been issued, on the security token 5. The 
token is then issued to a tiser for use in establishing a secure data transmission 
between the client 3 and the merchant server 4. 

30 Upon insertion of the security token 5 into the token reader 6, the client 
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application establishes a connection to the Internet 2 and from there to the. server 
application of the merchant server 4. Both the dient application and server 
application conform to the Secure Sockets Layer (SLL) and Transport Secure Layer 
(TSL) formed between the applies f inn layer and the transport ("f CP) layer of the 

5 Internet protocol used for transmission of data two and from the client 3 and 
merchant server 4. 

All information s lured in the security token 5 is encrypted. In order to bn 
able to read the information contained in the digital certificates 12 and 13, the client 
application initially accesses the encrypted data at step 40, and requests the server 

10 application of the merchant server 4 to retrieve the public key 23 provided by the 
Certification Authority 9. Upon retrieval by Ibr server application of the public key 
23, and thn l.i ansmission of this public key to the client 3, the digilnl uei tificates 12 
is decrypted, at step 41, ami the token identification information 15 compared in 
reference token identification data maintained in Ibe card database 7 by the 

15 merchHfil. server 4. If corresponding valid token identification dwla is located, at 
step 42, in the card data databy.se 7, the authenticity of the security token 5 is taken 
to be valid. If no corresponding data is located, the client application halts the 
establishment of a secure connection between the client 3 and merchant server 4, at 
step 43 . 

20 Once the authenticity of the security token 5 has been validated, any client 

data generated by the client 3 that may be required to be transmitted to the merchant 
server 4 is encrypted by means of Ihe user private key 2 1 . Accordingly, a hash 
function is used on the client data to be transmitted to the merchant server 4, and the 
corresponding message digest signed with the user private key 2 1 to in-eate a user 

25 digital signature at srep 44. The uliciil data is then encrypted with the digital 

signature at step 4*> and the encrypted data sent to lhe merchant server 4 at step 46. 
In addition; the user's digital certificate 13 is transmitted to the merchant, server 4. 

The server application iTiki'i uses the Certification Authority's public key 9.3 
to validate the user's digital certificate 13, and then validates the digital signature 

lo encrypting the client data by means of the validated user digiin1 certificate 13, 
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At step 47, the server application Ttsiri eves the certificate revocation list from 
the database 10 of the Certification Authority 9 to verify the user's digital certificate 
13. The server application verification process check the expiry date and integrity 
of flic digital certificate 13, as well as wheiher the certificate has been issued by a 
5 trusted wa lification authority and whether the certificate has been revoked. 
Typically, the digital certificH i.c 1 3 is X.509 compliant. If the certificate is no I 
valid, the client application will halt all processes and terminate the connection with 
the merchant server 4, otherwise the server application will /hen decrypt all 
• received data from th« client application at step 48, Moreover, the status nF the 
10 user's digital certificate 13 as reported by th« v«i ification function performed by the 
server upplication will be recorded in the user profile database 8. 

The encryption algoril.hu i used to encrypt the data, which may typically be 
RSA, BJLUWFISH, Triple DES and MD5 compliant, is stored on the optical media 
Storage device. 

IS If the user's iHgi ia1 certificate is not rejected by the verification function, a 

search is made in the user profile database 8 for the corresponding user profile using 
a combination of the user's full name and unique idenlini:«(.ion number, as identified 
by the user identificHl.um and related data 19 included in the digital certificate 13. If 
no corresponding record is found or viewed at step 49, the session is terminated by 

2Q the an ver application and the user is prevented from procnmli ng further with the 
establishment of a secure data transmission. 

Alternatively, if a unique record is found, the server application then checks 
ihe user access authorisation to one or more applications posted, iu this example, on 
the merchant server 4. This is achieved using a challenge-response method for 

25 password verification. A user password 25 is included in each user profile 

mainlined in the user profile database 8. Initially, a random challenge value is 
generated by the server application and forwarded to the client application at sLep 
50. After entry by the user of the user pusswbrd at the client 3, the user password is 
aulhenLieated at step 51, by the client application generating h lesponse value using 

30 the user password, the user private key 2 1 , and the challenged value received from 
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the server application, at step 52. At step 53, the response value is transmitted from 
the client 3 to the.merchinnl. server 4. When the server application receives the 
response value from the client application, the merchant server 4 then computes a 
value wiih the same calculation formula using the challenge value sent by the client 

5 application, and using Hie user password retrieved from the user profile maintained 
in the user profile database 8, and the user public "key 18 (as provided by the 
Certification Authority 9 from the user keys database 11). The sei-ver application 
then compares the challenge value with the user's response value at step 54. 

if the challenge and response values are determined by the server application 

10 to be equal at step 55 the client application is provided with aexu-ss to one or more 
of the applications hunted at the merchant server 4, at step 56, Otherwise, lh« client 
application will once again prompt the user u» enter their password at the client 3, in 
which case steps 51 to 55 will be repeated up to a predetermined number of times in 
order to verify the authorisation of the user to access the application or applienl iuus 

15 hosted by the merchant server 4. If (he user's password is rejected more than that 
predetermined number of times, the user profile maintained in the user profile 
database 8 will be recorded as invalid, and the user will be required to apply to the 
organisation maintaining the merchant servei 4 for reactivation of the user account. 
Typically, the digital certificate 13 may contain the full name of a user and 

20 include a unique TJsei Identification Number (U1D), In some instances the UTT> 
may be a user's Identity Card Number (TC) and the full name included in the digital 
certificate 13 may be the same as that that appears on the user's identity card or 
passport. 

Finally, it is to be understood that various modifications and/or additions 
25 may be made to the method or system for establishing secure data transmission as 
described hereabove without departing from the spirit or ambit of the preseni 
.invention. 
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